2. Cyber
● Before there was cyberpunk or cybersecurity,
there was cybernetics.
● In the late 1940s, cybernetics arose as the study
of control systems and communications between
people and machines
3. Cyber Space
● A widespread interconnected digital
technology
● It refers to the online world as a world 'apart',
as distinct from everyday reality
4. Cyber Security
● Cyber Security is the process of applying security
measures to ensure confidentiality, integrity, and
availability of data.
● Cyber Security attempts to assure the protection
of assets, which include data, desktops, servers,
buildings and, most importantly, humans.
5. Data
● In general, data is any set of characters that has
been gathered and translated for some purpose,
usually analysis.
● It can be any character, including text and
numbers, pictures, sound, or video.
● Raw data describes the facts and figures that a
company processes every day.
6. Data classification
● Data classification is one of the most important
steps in data security.
● Not all data is created equal, and few businesses
have the time or resources to provide maximum
protection to all their data.
● That’s why it’s important to classify your data
based on how sensitive or valuable it is
7. Data classification
● Common data classifications include
○ Highly Confidential
○ Sensitive
○ Internal Use Only
○ Public
8. Highly Confidential
● This classification applies to the most sensitive
business information that is intended strictly for
use within your company.
● Its unauthorized disclosure could seriously and
adversely impact your company, business
partners, vendors and/or customers in the short
and long term.
● It could include credit-card transaction data,
customer names and addresses, card magnetic
stripe contents, passwords and PINs, employee
payroll files, etc.
9. Sensitive
● This classification applies to sensitive business
information that is intended for use within your
company, and information that you would
consider to be private should be included in this
classification.
● Examples include employee performance
evaluations, internal audit reports, various
financial reports, product designs, partnership
agreements, marketing plans and email
marketing lists.
10. Internal Use Only
● This classification applies to sensitive information
that is generally accessible by a wide audience
and is intended for use only within your
company.
● While its unauthorized disclosure to outsiders
should be against policy and may be harmful, the
unlawful disclosure of the information is not
expected to impact your company, employees,
business partners, vendors and the like.
12. CIA
● Confidentiality, Integrity, Availability
● A model designed to guide policies for
information security within an
organization
● Considered the three most crucial
components of security
13. Confidentiality
● Equivalent to privacy
● A set of rules that limits access to
information
● Designed to prevent sensitive
information from reaching the
wrong people, while making sure that
the right people can in fact get it
● e.g. Data Encryption, User ID &
Password, Two-Factor Authentication,
Biometric lock system
14. Integrity
● It involves maintaining the
consistency, accuracy, and
trustworthiness of data over its entire
life cycle
● Data must not be changed in transit,
and steps must be taken to ensure
that data cannot be altered by
unauthorized people
● e.g. File Permissions, Access Control,
Checksums
15. Availability
● A guarantee of reliable access to the
information by authorized people
whenever required
● Best ensured by maintaining all
hardware, performing hardware
repairs immediately when needed and
maintaining a correctly functioning
operating system environment
● e.g. Load Balancing, Back-up Servers
16. AAA
● Concept relating to the people who
use that information
○ Authentication
○ Authorization
○ Non-repudiation
17. Authentication
● Authentication is the process of identifying a
person before they access the system.
● It allows the user to access system information
only if the authentication check has passed.
● Apart from a username and password combination,
authentication can be implemented in
different ways, such as a secret question and
answer, an OTP (One Time Password) over SMS,
biometric authentication, or token-based
authentication like an RSA SecurID token.
18. Authorization
● Once authentication has passed,
authorization comes into the picture to
limit the user according to the permissions set
for that user.
● Authorization is generally
implemented through access control lists,
user roles or user groups, which
define the permissions and
restrictions for a specific user group, or by
granting or revoking privileges for
individual users.
19. Access Control
● Access control is the selective
restriction of access to some kind of
resource (a folder, a file, or a
device).
● There are different types of
approaches to access control.
○ DAC
○ MAC
○ RBAC
○ MLS
20. DAC
● Discretionary Access Control
● Every user can decide who can, with
which permission, read/write his/her
files.
21. MAC
● Mandatory Access Control
● The administrator decides the security
policy and all the files in the system
will comply
22. RBAC
● Role Based Access Control
● The permissions are not granted per
user, but according to the role
● This allows big organizations to assign
permission to roles and roles to users,
making it easier to create, modify or
delete users.
23. MLS
● Multi Level Security
● Each user has a trust level and each item has
a confidentiality level.
● The administrator is still the one who is in
charge of creating the security policy, as in
MAC systems, but the system will ensure that
each user will only see the items that have a
confidentiality level allowed to him based on
some system configurations and the user trust
level.
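The RBAC and MLS slides above, worked through as an added example that is not part of the original slides. It reuses the deck's four data classifications as MLS confidentiality levels; the role names, permission strings, users and items are hypothetical, and requiring both checks to pass is this example's own choice.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Confidentiality / trust levels, ordered as in the classification slides."""
    PUBLIC = 0
    INTERNAL_USE_ONLY = 1
    SENSITIVE = 2
    HIGHLY_CONFIDENTIAL = 3


# RBAC: permissions are attached to roles, never directly to users.
# Role and permission names are hypothetical.
ROLE_PERMISSIONS = {
    "hr_officer": {"payroll:read", "review:read"},
    "engineer": {"design:read"},
    "auditor": {"payroll:read", "design:read", "review:read"},
}


@dataclass
class User:
    name: str
    trust: Level                          # MLS: the user's trust level
    roles: set = field(default_factory=set)


@dataclass(frozen=True)
class Item:
    name: str
    level: Level                          # MLS: the item's confidentiality level
    permission: str                       # RBAC: permission needed to read it


def rbac_allows(user, permission):
    """True if any of the user's roles carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in user.roles)


def mls_allows(user, item):
    """True if the user's trust level is at least the item's level."""
    return user.trust >= item.level


def can_read(user, item):
    """Allow only when both policies agree; return (decision, reason)."""
    if not rbac_allows(user, item.permission):
        return False, "no role grants " + item.permission
    if not mls_allows(user, item):
        return False, f"trust {user.trust.name} below {item.level.name}"
    return True, "role and trust level both sufficient"


# Constructed sample data, classified as the slides classify such records.
PAYROLL = Item("payroll.xlsx", Level.HIGHLY_CONFIDENTIAL, "payroll:read")
DESIGN = Item("product-design.pdf", Level.SENSITIVE, "design:read")
ALICE = User("alice", Level.HIGHLY_CONFIDENTIAL, {"hr_officer"})
BOB = User("bob", Level.SENSITIVE, {"auditor"})
CAROL = User("carol", Level.SENSITIVE, {"engineer"})

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        for item in (PAYROLL, DESIGN):
            print(user.name, item.name, can_read(user, item))
```

Bob shows why the two models are separate: his auditor role grants `payroll:read`, yet his trust level keeps the Highly Confidential payroll file out of reach.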
24. Non-Repudiation/Accountability
● Tracking who is accessing the systems and
which of the requests were denied, along with
additional details like the timestamp and the IP
address from which the requests came.
● It also means a confirmation sent by the receiver to
the sender that the requested service or information was
successfully received, as a digital confirmation (e.g.
digital certificates). This not only serves as an
acknowledgement but also helps to validate that both
sender and receiver are genuine.
25. Cyber Crimes
● Cybercrime is a crime that involves a computer and a network.
● The computer may have been used in the commission of a crime,
or it may be the target or it may be the tool.
27. Hacking
● A commonly used hacking definition is the act of compromising
digital devices and networks through unauthorized access to an
account or computer system. Hacking is not always a malicious
act, but it is most commonly associated with illegal activity and
data theft by cyber criminals.
● Hacking refers to the misuse of devices like computers,
smartphones, tablets, and networks to cause damage to or corrupt
systems, gather information on users, steal data and documents,
or disrupt data-related activity.
28. Denial of Service Attack
● A Denial-of-Service (DoS) attack is an attack meant to shut
down a machine or network, making it inaccessible to its intended
users.
● DoS attacks accomplish this by flooding the target with traffic, or
sending it information that triggers a crash.
29. Identity Theft
● It is the use by one person of another person's personal
information, without authorization, to commit a crime or to deceive
or defraud that other person or a third person.
● Where personal information is stolen and used.
30. Malware Dissemination
● Malware (short for “malicious software”) is a file or code, typically
delivered over a network, that infects, explores, steals or conducts
virtually any behavior an attacker wants.
● Malware, or malicious software, is any program or file that is
intentionally harmful to a computer, network or server.
● Types of malware include computer viruses, worms, Trojan
horses, ransomware and spyware. These malicious programs
steal, encrypt and delete sensitive data; alter or hijack core
computing functions and monitor end users' computer activity.
31. Cyber Vandalism
● Computer Vandalism is a type of process in which a program has
the ability to perform malicious tasks such as getting someone’s
passwords or important data.
● This can even include the removal of user data or deleting one's
hard drive.
32. Cyber Terrorism
● Cyber terrorism is a type of attack in which a person uses the
Internet to carry out violent acts which may result in loss of life,
harm to a person or a threat to life.
● The main objective of this is to gain political advantages by the use of
threat.
33. Online Fraud
● Online fraud in cyber security includes online scams, spam,
identity theft, a scammer buying products online from your
account without your knowledge, identity spoofing, scam pop-up
alerts, chain letter scams, etc.
34. Software Piracy
● Software piracy is the illegal copying, installation, use,
distribution, or sale of software in any way other than that
expressed in the license agreement.
● The software industry is facing huge financial losses due to the
piracy of software.
● Piracy of software is performed by end-users as well as by the
dealers.
35. Forgery
● The term forgery usually describes a message-related attack
against a cryptographic digital signature scheme.
● That is an attack trying to fabricate a digital signature for a
message without having access to the respective signer's private
signing key.
36. Phishing
● Phishing works by sending messages that look like they are
from a legitimate company or website.
● Phishing messages will usually contain a link that takes the user
to a fake website that looks like the real thing.
● The user is then asked to enter personal information, such as their
credit card number.
37. Spam
● Spam is any kind of unwanted, unsolicited digital
communication that gets sent out in bulk.
● Often spam is sent via email, but it can also be distributed via text
messages, phone calls, or social media.
38. Spoofing
● Spoofing is the act of disguising a communication from an
unknown source as being from a known, trusted source.
● Spoofing happens when cybercriminals use deception to
appear as another person or source of information.
● Spoofing can apply to emails, phone calls, and websites, or can
be more technical, such as a computer spoofing an IP address,
Address Resolution Protocol (ARP), or Domain Name System
(DNS) server.
39. Defamation
● Any deliberate, false communication—spoken or written—on any
online platform, or any publication of a false statement—that can
damage an individual’s reputation, diminish their self-respect,
undermine their dignity, undermine their confidence, or harm their
character in the public or social sphere is known as Defamation.
● Injuring the reputation of a person on the internet by using
social media, email, etc.
41. Viruses
● Created to relentlessly self-replicate
● It infects programs and files. The malicious activities may be
targeted at destroying valuable data or causing irreparable
damage
42. Backdoor
● Malicious code that installs itself onto a computer to allow the
attacker access.
● Backdoors usually let the attacker connect to the computer with
little or no authentication and execute commands on the local
system.
43. Downloader
● Malicious code that exists only to download other malicious
code.
● Downloaders are commonly installed by attackers when they
first gain access to a system.
● The downloader program will download and install additional
malicious code.
44. Launcher
● Malicious program used to launch other malicious programs.
● Usually, launchers use nontraditional techniques to launch other
malicious programs in order to ensure stealth or greater access to
a system.
45. Rootkit
● Malicious code designed to conceal the existence of other code.
● Rootkits are usually paired with other malware, such as a
backdoor, to allow remote access to the attacker and make the
code difficult for the victim to detect.
46. Spyware
● The software is created to spy on the victim.
● It is secretly implanted on the computing device by the hacker.
● The spyware gathers information and sends it to the hacker.
47. Adware
● The malicious program is devised to pop-up unwanted
advertisements on the victim’s computer without their permission.
● The pop-ups are uncontrollable and tend to behave erratically.
48. Scareware
● Malware designed to frighten an infected user into buying
something.
● It usually has a user interface that makes it look like an antivirus or
other security program.
● It informs users that there is malicious code on their system and
that the only way to get rid of it is to buy their “software,” when in
reality, the software it’s selling does nothing more than remove the
scareware.
49. Spamware
● Malware that infects a user’s machine and then uses that machine
to send spam.
● This malware generates income for attackers by allowing them to
sell spam-sending services.
50. Ransomware
● Ransomware blocks the user from accessing files or
programs, and demands that a ransom be paid through certain
online payment methods for the malware to be removed.
● Once the amount is paid, the user can resume using their system.
51. Key-Logger
● Tools designed to record every keystroke on the affected machine
for later retrieval
● It stores data about every key the user presses on the
keyboard.
● It is a very commonly used method to get usernames and passwords
from a legitimate user.
52. Botnet
● The cybercriminal blocks a user's actions and takes full control of the
system.
● The hacker creates a network of malware-infected computers
which functions as a bot.
● The botnet is used to transmit malware, send spam emails, and
execute other malicious tasks.
53. Types of Possible Attacks
● Denial-of-Service
● 0-Day
● Brute Force
● Advanced Persistent Threat
● Automated Exploitation Tools
54. Types of Possible Attacks
● ISP Intercept
● Supply Chain Attack
● Social Engineering
56. Script Kiddies
● A relatively unskilled individual who uses scripts or programs,
such as a web shell, developed by others to attack computer
systems and networks and deface websites
57. Motivated individuals
● This includes multiple kinds of attackers, such as small-scale
industrial espionage, rogue or malicious employees, or
disaffected customers.
● They act alone
58. Highly Capable Groups
● These groups often refer to themselves as hacktivists and are not
typically commercially funded, but can pose a serious threat to
service providers and cloud operators.
● Many groups of hackers have organized themselves lately, such
as Lulzsec and Anonymous.
59. Organized Hackers
● These are groups of hackers who are usually highly capable.
● These groups are financially driven and able to fund in-house
exploit development and target research.
● Multiple groups fall in this category, from the Russian Business
Network to the various organized groups that undertake industrial
espionage.
60. Intelligence Agencies
● They usually have capabilities greater than any other attacker,
because they can bend rules without breaking them and can be
authorized to violate rules.
● Intelligence agencies and other governmental players are
comparable to organized hackers, but usually have far more
money they can spend on those operations, making them more
effective.
61. E-mail Spoofing
● Email spoofing is a trick that spammers and identity thieves use to baffle and deceive
people. The concept is that if an email seems to originate from a recognized sender,
the target of the phishing mail will be more likely to fall for the deception.
● Email security must remain a main concern for every business. Here are tips on
protecting yourself against email spoofing:
○ First, check the salutation
○ Watch for grammar mistakes
○ Check the links in the email
○ Be wary of an email claiming to have come from a reliable source
○ Forward spoofed emails to the FTC
62. Cyber Defamation
● Cyber defamation refers to libel or slander that is expressed
online, typically via a publicly accessible website.
63. Cyber Defamation
● Who does Defamation
○ Social media news channels
■ A new marketplace has emerged where public shaming is a
commodity and shame is an industry. Nowadays, money is
made on the clicks, the more shame the more clicks and
the more advertising revenue.
64. Cyber Defamation
● Who does Defamation
○ Disgruntled employee
■ Sends derogatory, defamatory, vulgar and abusive emails to
the company’s superiors or management.
○ Ex-friend / Ex-spouse
■ Obscene messages are sent to friends/ family or even on
porn sites.
65. Cyber Defamation
● Who does Defamation
○ Political rivalry
■ Defaming rival party with false content and false context.
○ Religious rivalry
■ Trying to manipulate perceptions and creating false
propaganda.
66. Free Speech vs Defamation
● Freedom of Expression and Speech, as provided under Article 19
(1) (a) in our Constitution, provides that all citizens shall have the
right to freedom of expression and speech. However, such freedom
is subject to reasonable restrictions.
● The protection of the reputation of the other person falls within the
ambit of reasonable restriction and any comment or remark which
hampers the reputation of another person will invite liability under
the law of defamation.
67. Law against Defamation
● Section 499 of IPC
○ Says that whoever, by words either spoken or intended to be
read, or by signs or by visible representations, makes or
publishes any imputation concerning any person intending to
harm, or knowing or having reason to believe that such
imputation will harm the reputation of such person.
68. Law against Defamation
● Section 469 of IPC
○ Says that whoever commits forgery, intending that the document
or electronic record forged shall harm the reputation of any
party, or knowing that it is likely to be used for that purpose shall
be punished.
69. Law against Defamation
● Section 503 of IPC
○ Says that whoever threatens another with any injury to a person,
reputation or property, or to the person or reputation of anyone in
whom that person is interested, with intent to cause alarm to that
person, or to cause that person to do any act which he is not
legally bound to do, or to omit to do any act which that person is
legally entitled to do, as the means of avoiding the execution of
such threats, commits criminal intimidation.
70. Internet Time Theft
● It refers to the theft in a manner where the unauthorized person
uses internet hours paid by another person.
71. Salami Attack
● A “salami attack” is a form of cyber crime usually used for the
purpose of committing financial crimes in which criminals steal
money or resources a bit at a time from financial accounts on a
system.
● A salami attack is when small attacks add up to one major attack.
● These attacks often go undetected due to the nature of this type of
cyber crime.
73. Salami Slicing
● Salami slicing is when the attacker uses an online database to
seize the information of customers, that is bank/credit card details.
● The attacker deducts minuscule amounts from every account over
a period of time.
● These amounts naturally add up to large sums of money that are
unnoticeably taken from the collective accounts.
● Most people do not report the deduction, often letting it go
because of the amount involved.
74. Penny Shaving
● Penny shaving is the fraudulent practice of stealing money
repeatedly in extremely small quantities.
● It works by taking advantage of rounding to the nearest cent (or other
monetary unit) in financial transactions.
● The idea is to make the change small enough that any single
transaction will go undetected.
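Because each slice is too small to stand out alone, salami slicing and penny shaving are caught by aggregating: many small credits converging on one account, and rounding residues that all fall the same way. The following detection sketch is an added example, not part of the original slides; the ledger rows, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed thresholds (assumptions; tune them to real transaction data).
MICRO_LIMIT = Decimal("2.00")   # a credit at or below this counts as a "slice"
MIN_SOURCES = 5                 # distinct paying accounts before alerting
MIN_TOTAL = Decimal("3.00")     # aggregated value before alerting


def find_salami_beneficiaries(ledger, micro_limit=MICRO_LIMIT,
                              min_sources=MIN_SOURCES, min_total=MIN_TOTAL):
    """Flag accounts that collect small credits from many different sources.

    ledger: iterable of (source_account, beneficiary_account, amount_str).
    Returns {beneficiary: (distinct_sources, total_of_small_credits)}.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for src, dst, amount in ledger:
        value = Decimal(amount)
        if Decimal("0") < value <= micro_limit:
            sources[dst].add(src)
            totals[dst] += value
    return {
        dst: (len(srcs), totals[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources and totals[dst] >= min_total
    }


def rounding_residue(postings):
    """Reconcile exact amounts against what was actually posted.

    postings: iterable of (exact_amount_str, posted_amount_str).
    Returns (total_residue, share_rounded_down). Honest rounding to the
    nearest cent leaves residues of both signs that largely cancel; penny
    shaving rounds down every time, so the residue only grows.
    """
    residues = [Decimal(exact) - Decimal(posted) for exact, posted in postings]
    if not residues:
        return Decimal("0"), 0.0
    total = sum(residues, Decimal("0"))
    rounded_down = sum(1 for r in residues if r > 0)
    return total, rounded_down / len(residues)


# Constructed sample data.
SAMPLE_LEDGER = [
    ("ACC-001", "ACC-900", "0.37"), ("ACC-002", "ACC-900", "1.12"),
    ("ACC-003", "ACC-900", "0.05"), ("ACC-004", "ACC-900", "1.90"),
    ("ACC-005", "ACC-900", "0.64"), ("ACC-006", "ACC-900", "2.00"),
    ("ACC-001", "ACC-200", "1.50"),     # a single small payment: no pattern
    ("ACC-002", "ACC-300", "250.00"),   # normal-sized transfer: ignored
]
HONEST_POSTINGS = [("10.004", "10.00"), ("3.336", "3.34"),
                   ("7.125", "7.12"), ("1.999", "2.00")]
SHAVED_POSTINGS = [("10.004", "10.00"), ("3.336", "3.33"),
                   ("7.125", "7.12"), ("1.999", "1.99")]

if __name__ == "__main__":
    print(find_salami_beneficiaries(SAMPLE_LEDGER))
    print(rounding_residue(HONEST_POSTINGS))
    print(rounding_residue(SHAVED_POSTINGS))
```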
76. Case Study 1 – Salami Attack
● In California, between November and March of 2008, Michael
Largent, a 21-year-old, wrote a program which allowed him to take
advantage of the practice of challenge deposits, which companies
like Google, E*Trade, Charles Schwab, and other companies use
to validate a client's bank account.
77. Case Study 1 – Salami Attack
● The program set up more than 58,000 user accounts, which
resulted in challenge transactions of between $0.01 and $2.00 being
sent to accounts belonging to Largent; the funds, amounting to
somewhere between $40,000 and $50,000, were then transferred
into other accounts belonging to Largent.
● An important element of Largent’s fraud is that his program
created accounts using fraudulent names and social security
numbers which under 18 U.S.C.
78. Case Study 2 – Salami Attack
● In Pune, city-based senior High Court lawyer Amit Kumar
Bhowmik lost Rs 180 after getting three calls from an unknown
number during August 2013.
● He had received three blank calls on his mobile phone from an
unknown number (+9126530000300).
● When he checked his billing account with Airtel online, he realised
he was charged Rs 60 for each call.
79. Case Study 2 – Salami Attack
● Annoyed with the repeated badgering, Bhowmik lodged a
complaint with the Cyber Crime Cell of the Pune police crime
branch.
● The Cyber Crime Cell has so far failed to trace the location or identify the
user of the phone, as the privacy policies of mobile companies
have been a hurdle in tracking down the offenders.
● Victims hardly ever approach the Cyber Crime Cell, so racketeers
consider this method a safe way to make big money.
80. Prevention
● Banks have to update their security so that the attacker doesn’t
familiarize himself/herself with the way the framework is
designed.
● Banks should advise customers to report any kind of money
deduction that they were not aware of.
● Customers should ideally not store information online when it
comes to bank details.
81. Laws against Salami Attacks
● Anyone found guilty of a salami attack is liable for punishment
under Section 66 of the IT Act.
● Any unauthorized person who secures or attempts to secure
access to a protected system is liable to be punished with
imprisonment, which may extend to 10 years and may also be
liable to fine.
● This is an offence under Section 70 of the IT Act, 2000.
82. Industrial Spying/Espionage
● A covert and sometimes illegal practice of investigating
competitors to gain business advantage.
● The target of an investigation might be a trade secret, such as a
proprietary product specification or formula, or information about
business plans.
83. Industrial Spying/Espionage
● An industrial spy may be an insider threat, such as an individual
who has gained employment with the company for the purpose of
spying or a disgruntled employee who trades information for
personal gain or revenge.
● Spies may also infiltrate through social engineering tactics, for
example, by tricking an employee into divulging privileged
information.
84. Industrial Spying/Espionage
● Spies sometimes physically breach the target organization and
investigate the premises.
● In that case, they might search wastebaskets or copy files or hard
drives of unattended computers.
● Industrial espionage is most often found in technology-focused
companies, in part because of the considerable expense of
technology research and development (R&D).
85. Types of Industrial Espionage
● IP Theft
● Property Trespass
● Hiring Away Employees
● Wiretapping or eavesdropping
● Cyber attacks and malware
86. IP Theft
● This type of espionage comes in many different forms.
● For example,
○ it can be a theft of engineering designs from an automobile or
aerospace company;
○ a formula for a new drug from a pharmaceutical company
○ a recipe from a food and beverage or vitamin supplement
company
87. Property Trespass
● Breaking into physical premises or files to obtain company
information is another form of industrial espionage.
● A surprising number of critical corporate assets are still in
physical form and may be obtained by insider employees or by
outsiders who gain access to the premises.
88. Hiring Away Employees
● Competitors frequently try to hire away employees from
companies to gain access to information the employees have
acquired on the job.
● Most of the time, the knowledge employees obtain on the job is
part of the trade and is legitimately transferable, but there also
are times when employees leave with valuable trade secrets and
formulas in their heads that they can put to work for their new
companies.
89. Wiretapping or Eavesdropping
● Those desiring information from a company can set up portable
devices that listen in or record certain conversations, such as a
confidential board meeting.
● In some cases, this wiretapping may be legal and authorized, but
in others, it is illegal listening for the purpose of economic or
strategic gain.
90. Cyber attacks and malware
● Whether it is through a distributed denial-of-service attack or an
infusion of malware that corrupts a company's network, companies,
governments and organizations also seek to disrupt each other by
sabotaging daily operations and disabling their ability to work.
91. Industrial espionage vs competitive intelligence
● Industrial espionage is distinct from competitive intelligence, which
is confined to the gathering of publicly available information.
● When organizations, companies and governments gather
competitive information on each other, they research websites,
publications, patent filings, articles and any other publicly available
information that can tell them more about the organization they
are researching. This type of information gathering is open to anyone and is
perfectly legal.